ci(workflows): add gh pat for @dependabot

Signed-off-by: Lexus Drumgold <unicornware@flexdevelopment.llc>

Author: unicornware

.github/workflows/dependabot-auto.yml

@@ -21,11 +21,8 @@
 ---
 name: dependabot-auto
 on: pull_request
-permissions:
- contents: write
- pull-requests: write
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.PAT_DEPENDABOT }}
  YARN_ENABLE_IMMUTABLE_INSTALLS: false
 jobs:
  dependabot-auto:
@@ -46,6 +43,7 @@ jobs:
  with:
  persist-credentials: ${{ steps.metadata.outputs.package-ecosystem == 'npm_and_yarn' }}
  ref: ${{ github.head_ref }}
+ token: ${{ env.GITHUB_TOKEN }}
  - id: lockfile-fix
  name: Fix yarn.lock
  if: steps.metadata.outputs.package-ecosystem == 'npm_and_yarn'
@@ -63,8 +61,6 @@ jobs:
  git add yarn.lock
  git status
  git diff-index --quiet HEAD || git commit -m 'chore(yarn): fix lockfile' && git push -f
- env:
- GITHUB_TOKEN: ${{ secrets.PAT_ADMIN }}
  - id: approve-pr
  name: Approve pull request
  run: gh pr review ${{ github.event.number }} --approve